
Manage and renew existing certificates

You can manage certificate lifecycles for a connected F5 appliance directly from the DigiCert® Trust Lifecycle Manager Inventory view.

Available lifecycle management actions depend on the current certificate status and may include options to renew, reissue, request a duplicate certificate, get your next certificate for multi-year orders, or switch to another certificate authority (CA).

To enable auto-renewal for a certificate, select a certificate profile that includes this option or enter the auto-renew settings when you schedule a lifecycle event. Thereafter, the certificate will be automatically renewed and redeployed whenever it approaches expiration.

Note

To install new certificates on F5 virtual IPs that do not currently have certificates installed, see Deploy new certificates to unsecured endpoints.

Submit a certificate automation request

To request automated lifecycle management of an existing certificate:

  1. From the Trust Lifecycle Manager main menu, select Inventory.

  2. Use the View inventory functions to display the certificate you want to manage.

  3. Hover over the Common name for the certificate you want to manage and select one of the available automation actions on the right. Available actions depend on the current certificate deployment status and may include:

    • Request: Issue and deploy a duplicate certificate.

    • Renew: Issue and deploy the same certificate with new validity dates.

    • Reissue: Issue and deploy a new certificate from the same CA with the same validity dates. Use this action to deploy a fresh certificate after making changes to one of your certificate profiles, or to get the next certificate in a CertCentral multi-year plan.

    • Switch: Issue and deploy a new certificate from a different CA.

    Note

    Automation actions may display as either icons or selections in the actions (three dots) menu to the right of the certificate common name. For actions presented as icons, hover over the icon to see the associated action.

  4. Fill out the Automation request form:

    • Profile: Select the certificate automation profile for the certificate to issue. When renewing or reissuing a certificate with an active profile in Trust Lifecycle Manager, the associated certificate profile gets pre-selected here.

    • Certificate information: Verify the common name and any subject alternative names (SANs) for the certificate.

    • Additional order options: (Optional) If present, use this field to enter comments and information about the order. This information does not get added to the actual certificate.

    • Schedule certificate automation: Select whether to run the lifecycle management action now or schedule it for a later date and time.

    • Auto-renew: (Optional) Select any auto-renewal options for the certificate. These options will apply to this certificate only and override any auto-renew options configured in the certificate profile.

    • Scripts: (Optional, for web servers only) For F5 appliances, skip this section.

    • Tags: (Optional) Apply one or more tags to the issued certificate to help identify it in Trust Lifecycle Manager for management and tracking purposes.

    • Select the checkbox at the bottom to acknowledge acceptance of the Certificate Services Agreement.

  5. Select Submit to finalize the certificate automation request.

Check status of a certificate lifecycle event

To check the status of a scheduled lifecycle automation event for a certificate:

  1. From the Trust Lifecycle Manager main menu, select Inventory.

  2. Use the View inventory functions to display the applicable certificate. To view only those certificates with an automation event scheduled, filter inventory by the Automation status column and select Automation scheduled.

  3. Use one of the following options to view the automation event status for a certificate in the inventory table:

    • Hover over the certificate Common name and select the "eye" icon on the left.

    • Select the certificate Common name to view the details for it. Then select the Automation tab to view the automation configuration for the certificate, and from there select the See automation request link.

    Both options open a siderail on the right with the automation event status and details.

Bulk reissue or renew certificates

Use the Bulk Reissue / Renew action when you need to rotate out multiple installed certificates with new certificates from the same CA. When you run this bulk action:

  • The system attempts to reissue the selected certificates if possible. If successful, it issues and deploys a new certificate from the same CA with the same validity dates and auto-renew options.

  • For certificates it cannot reissue, the system attempts to renew the certificates instead. If successful, it issues and deploys the same certificate with new validity dates.

To request bulk reissue/renewal of multiple certificate deployments:

  1. From the Trust Lifecycle Manager main menu, select Inventory.

  2. Use the View inventory functions to display all the certificates you want to manage.

  3. Select the applicable certificates using the checkboxes to the left of the Common name.

  4. Open the Bulk actions dropdown for one of the selected certificates, and select Reissue / Renew.

  5. Fill out the Bulk Reissue / Renew form:

    • Job name: Enter a name for this lifecycle management job to help track status of the bulk request.

    • Choose profile: Certificates with active certificate automation profiles in Trust Lifecycle Manager will be reissued or renewed from those same profiles. For certificates without an associated profile, select a profile to issue the new certificates from:

      • Sensor profile: To automate certificates on an F5 appliance, select an available profile with the DigiCert sensor enrollment method.

      • Agent profile: This only applies to web servers. For F5 appliances, skip this section.

    • Schedule certificate automation: Select whether to run the lifecycle management action now or schedule it for a later date and time.

    • Select the checkbox at the bottom to acknowledge acceptance of the Certificate Services Agreement.

  6. Select Submit to finalize the certificate automation request.

Bulk switch certificate authority (CA)

Use the Bulk Switch CA action when you need to replace multiple installed certificates with new certificates from a different CA.

To request bulk CA replacement of multiple certificate deployments:

  1. From the Trust Lifecycle Manager main menu, select Inventory.

  2. Use the View inventory functions to display all the certificates you want to manage.

  3. Select the applicable certificates using the checkboxes to the left of the Common name.

  4. Open the Bulk actions dropdown for one of the selected certificates, and select Switch CA.

  5. Fill out the Bulk Switch CA form:

    • Job name: Enter a name for this lifecycle management job to help track status of the bulk request.

    • Switch CA: Select the new CA vendor to switch selected certificates to.

    • Profile: Select an available certificate automation profile for issuing certificates from the new CA vendor you selected. To manage certificates on an F5 appliance, the profile you select must be configured with the DigiCert sensor enrollment method.

    • Schedule certificate automation: Select whether to run the lifecycle management action now or schedule it for a later date and time.

    • Select the checkbox at the bottom to acknowledge acceptance of the Certificate Services Agreement.

  6. Select Submit to finalize the certificate automation request.

Check status of bulk automation requests

To check automation event status for the certificates in a bulk automation job:

  1. From the Trust Lifecycle Manager main menu, select Inventory.

  2. Use the View inventory functions to display all the certificates in the bulk automation job:

    1. If the Job name column is not shown, add this column by selecting the table settings on the top-right.

    2. Filter by the Job name column and select the name of the applicable bulk automation job.

  3. After filtering by job name, only certificates included in that bulk automation job are listed. Use one of the following options to view the automation event status for any of the certificates:

    • Hover over the certificate Common name and select the "eye" icon on the left.

    • Select the certificate Common name to view the details for it. Then select the Automation tab to view the automation configuration for the certificate, and from there select the See automation request link.

    Both options open a siderail on the right with the automation event status and details.
